Strategy: How to Conduct an Effective IT Security Risk Assessment

Brad Causey01/01/13

Strategy: How to Conduct an Effective IT Security Risk Assessment

Assessing an organization’s security risk is a key element of an effective enterprise ­security ­strategy. Such assessments can mitigate the impact of a security breach or, more to the point, prevent such a breach from happening in the first place. Done well and used correctly, an IT security assessment can also be an invaluable tool for justifying future ­security spending. The CEO and other business executives may not understand the technical underpinnings of vulnerabilities, hacks and the security tools used to keep organizations safe, but they will ­understand the ­dollars and cents involved when systems, networks and data are compromised.

In this special report, Dark Reading offers an in-depth look at the risk assessment process, the potential means and practices for conducting an audit, and the strengths and pitfalls surrounding a security risk assessment. We also offer some insight into how to measure and convey risk ­parameters so that they can be understood and used by upper management. (S6450113)